09 February 2010

China Hackers Update: Arrests and Details

It is inevitable after the Google hacks, as they are known, that China responds by showing its international business partners that they do not condone hacking.

China Daily reports that the biggest hacker training site has been shut down. via RWW

"I could download trojan programs from the site which allowed me to control other people's computers. I did this just for fun but I also know that many other members could make a fortune by attacking other people's accounts," said a 23-year-old member of Black Hawk Safety Net in Nanjing of East China's Jiangsu province, who asked to remain anonymous.

They seized nine Web servers, five computers and one car, and shut down all the sites involved in the case, according to the provincial public security department.

So there you go Google - nothing to worry about. The "provincial public security department" got the baddies. Carry on.

Of course there's no reported link with what is now clearly a much larger and more sophisticated program of industrial espionage than previously thought as reported in detail by wired magazine.

The salient points of the wired article are:

  • The hacks have compromised thousands of companies, not just 37 as previously reported.
  • Most of the compromises are currently still active and law enforcement has been contacting companies to let them know they have been compromised.
  • The exploit was an IE 6 security flaw that was first reported to Microsoft by an Israeli researcher in September 2009 but which remained unpatched for months. ("0-day")
  • The attack profile include multiple-year-long occupation of companies' computer systems and typically involved hidden siphoning of large amounts of private data including email, documents, etc. This is in contrast to the smash and grab techniques more common in the past.
  • Existing security software (like antivirus software) is not able to detect this attack profile or the malware used to initiate it.
  • The full extent of data theft will never be known.
  • The goal of the attacks appears to be coroporate and national espionage.
  • The hackers have levelled up.
  • The trail goes dead in Taiwan where the data was siphoned to and China where the spear phishing attacks were initiated from.

Now it really feels like we're living in a Neal Stephenson novel.

No comments:

Post a Comment